AF Form 4169: Request for IA Waiver | Air Force Download

AF Form 4169: Request for IA Waiver | Air Force Download – Information Assurance (IA) is a cornerstone of U.S. Air Force cybersecurity, protecting systems, data, and networks from threats. However, operational needs sometimes require temporary or specific relief from strict IA requirements. That’s where AF Form 4169 comes in.

This official Air Force form allows authorized personnel to formally request a waiver from Information Assurance criteria. It ensures that any deviation from standards is documented, justified, and reviewed for risk acceptance.

What Is AF Form 4169?

AF Form 4169, titled Request for Waiver from Information Assurance Criteria, is a prescribed or adopted form used within the Department of the Air Force. It provides a standardized process for submitting requests to deviate from IA policies outlined in relevant Air Force Instructions (AFIs) and manuals.

The form is particularly relevant in contexts involving Computer Security (COMPUSEC), Risk Management Framework (RMF) processes, and broader cybersecurity program management. While many waivers today route through AF Form 679 (Publication Compliance Item Waiver Request/Approval) or the RMF in eMASS, AF Form 4169 remains the dedicated tool for IA-specific criteria waivers.

Official Download:
Download the latest AF Form 4169 PDF directly from Air Force e-Publishing.

Note: Always verify the most current version on the official Air Force e-Publishing website before use, as forms can be updated.

When to Use AF Form 4169?

Use this form when your unit or program cannot fully comply with specific Information Assurance requirements due to:

  • Unique mission constraints
  • Technical limitations
  • Temporary operational needs
  • Legacy systems or equipment that cannot meet current standards

Common scenarios include requests related to COMPUSEC controls, system configurations, or other IA criteria in publications like:

  • AFI 17-130 (Air Force Cybersecurity Program Management)
  • AFMAN 17-1301 (Computer Security / COMPUSEC)
  • AFI 17-101 (Risk Management Framework for Air Force IT)

Exceptions or deviations for systems are often documented as part of the RMF authorization package. However, for targeted IA criteria waivers, AF Form 4169 provides the structured request mechanism.

Important: Not all IA issues require this form. Routine risk acceptance may occur through the RMF process with the Authorizing Official (AO). Check the specific Tier waiver authority (T-0 through T-3) in the governing publication or consult your Information Systems Security Manager (ISSM) or Cybersecurity office.

How to Complete AF Form 4169?

While the exact block layout is in the official PDF, typical sections on AF Form 4169 include:

  1. Requester Information — Unit, office symbol, name, rank/grade, contact details, and date.
  2. Specific IA Criteria/Requirement — Cite the exact paragraph, policy, or control (e.g., from AFMAN 17-1301 or NIST-based controls implemented in AF policy) that requires the waiver.
  3. Justification/Reason for Waiver — Provide a clear, detailed explanation of why compliance is not feasible. Include mission impact if the waiver is not granted.
  4. Risk Assessment/Mitigation — Describe compensating controls, residual risks, and how the mission risk is managed. This is critical for approval.
  5. Duration — Specify the requested period (e.g., 6 months, 1 year, or indefinite with review).
  6. Coordination/Approvals — Routing through the chain of command, with signatures from appropriate authorities (e.g., commander, ISSM, or higher-level waiver authority such as SAF/CNZ elements).

Best Practices for Approval:

  • Be concise yet thorough in the justification.
  • Attach supporting documentation (risk assessments, technical evaluations, mission statements).
  • Coordinate early with your local Cybersecurity office or ISSM.
  • Reference the governing AFI and any Tier waiver level.

Many sources note that a well-written request includes the deficiency, operational necessity, and risk mitigation plan.

Submission and Approval Process

  1. Complete the fillable PDF.
  2. Route through your chain of command (unit commander → MAJCOM or appropriate functional reviewer).
  3. For higher-level IA waivers, coordination may involve SAF/CNZ (Chief Information Security Officer elements) or the publication’s Office of Primary Responsibility (OPR).
  4. Track the request and maintain records per AFMAN 33-363 (Management of Records).

Waiver authorities vary by the Tier level in the source publication. For non-tiered items, commanders may have more flexibility, but IA matters often require higher review due to cybersecurity implications.

  • AFI 17-130: Core guidance for the Air Force Cybersecurity Program.
  • AFI 17-101: Details the RMF process for IT systems.
  • AFMAN 17-1301: Focuses on Computer Security (COMPUSEC) compliance.
  • eMASS: Primary system for RMF documentation and authorizations.
  • Air Force e-Publishing: Official source for all forms and publications.

Personnel should also review DAF Guidance Memorandums (DAFGMs) for any updates to cybersecurity waiver processes.

Why Proper IA Waiver Documentation Matters?

Submitting a complete AF Form 4169 helps maintain accountability while enabling mission success. It ensures risks are understood and accepted at the appropriate level, supporting the Air Force’s overall cybersecurity posture under DoD and national standards.

Pro Tip for Air Force Members: Consult your unit’s Cybersecurity personnel or the Wing Information Assurance office before submitting. They can provide tailored guidance and help avoid common pitfalls in the request.

Need the Form?

Click here to download: AF Form 4169 PDF.

For questions about your specific case, reach out to your local ISSM/ISSO or reference the latest versions of AFI 17-series publications on e-Publishing.

This guide is for informational purposes and is based on publicly available Air Force resources as of 2026. Always use official channels and current publications for compliance. Policies and forms can change—verify directly with Air Force e-Publishing and your command.

Keywords: AF Form 4169, Information Assurance waiver, Air Force IA waiver, AFI 17-130, COMPUSEC waiver, cybersecurity waiver request, Air Force form 4169 download.

This article is optimized for U.S. Air Force personnel, commanders, and cybersecurity professionals seeking clear, actionable guidance on requesting IA waivers.